over the weekend we did:
hackerone_count += 2;
Now at 142 submissions this year so far for #curl. Out of which 8 were confirmed actual vulnerabilities.
Stefan Eissing
in reply to daniel:// stenberg://
daniel:// stenberg://
in reply to Stefan Eissing
João Tiago Rebelo (NAFO J-121)
in reply to daniel:// stenberg://
@icing
Karl
in reply to daniel:// stenberg://
Interesting. Even when removing the AI slop count from the tallies, this year has the worst ratio of actual vulns to reports.
Do you have insights as to why that is?
daniel:// stenberg://
in reply to Karl
Karl
in reply to daniel:// stenberg://
That would explain both the increase in volume and the drop in accuracy.
I was secretly hoping it would be a mix of "the code is becoming less vulnerable each year" and "more people than ever are interested in hunting bugs, so we're seeing an influx of new blood and obviously these people aren't as good as the old hunters... yet".
I have such a strong dislike for LLMs that I feel the bias and perhaps hope to be proven wrong about how destructive it is.
daniel:// stenberg://
in reply to Karl
Wolf480pl
in reply to daniel:// stenberg://
daniel:// stenberg://
in reply to Wolf480pl
Neal Walfield
in reply to daniel:// stenberg://